Before going into details, all I want to do is open port 22 or 2222 so that I can ssh into my Gentoo box, and it has proven more difficult than it should be.

Issue 1:
I installed UFW and tried the GUIs kcm-ufw, ufw-frontends, as well as Fwbuilder. All of them would not let me activate the firewall (I believe iptables is the underlying firewall) and would also indicate the firewall isn't active. But I noticed no network traffic was coming in or out, so I checked UFW from the CLI and it was active. If I disable it then traffic resumes, so clearly it is working at some level even if the GUIs can't talk to it.

Issue 2:
So I check any messages for UFW or iptables and there are some kernel options that need to be configured (http://wiki.gentoo.org/wiki/Iptables). I add them all, recompile, and behaviour is the same. Not even sure if they are even related to the problem to be honest. Anyway, re-install UFW in the hopes that would do something but now when issuing

I'm on kernel 3.8.13 so it should be there but I don't have Kconfig anywhere???!!! Once again I am not sure if the fact that this kernel option is not active is the cause of my problem or will solve it, because clearly the firewall is activated when I issue the enable command.

Have you followed the UFW installation instructions - i.e. added the ufw service to the default runlevel?
Also, did you run the configuration checker, /usr/share/ufw/check-requirements, and follow its recommendations?
These are mentioned in the ebuild messages.

UFW needs several kernel netfilter configuration options set; if you miss them, it won't start. One approach is simply to make modules for all the netfilter configuration options, and let UFW load what it wants to meet your particular firewall configuration.

I've used UFW for some time. Apart from needing to keep up with its netfilter requirements, it's been a lot simpler than guessing how to configure iptables et al.

_________________
Greybeard

They'll tell you why you don't want SSH port open for server use. They'll also
tell you how to selectively enable/disable it.

If you wanted to use just iptables w/o ufw,

c) You write:

Quote:

Issue 3:

Can't find it for my life. If I search for it I only get
Quote:
Symbol: NF_NAT_FTP [=n]
Type : tristate
which doesn't show any path to where it lives in the config.

The: NF_NAT_FTP [=n] means NAT isn't compiled into the kernel.
Go back and set it to [*] and try again.

Using the tool grep on your kernel config:

zgrep NAT /proc/config.gz

d) Alternatively, since more information is better than less, could you (please)

Code:

emerge wgetpaste
zcat /proc/config.gz > _fool
wgetpaste _fool

and put the resulting URL into a [ url = :URL: ] config.gz [ / url ] BBCode?

_________________
Stan: A signal? Why didn't you wake me?
790: It was a distress signal. They only lead to trouble, so I always ignore them. --Lexx
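
Added example (not part of the thread or any poster's code): a shell helper that reads config text in the format printed by `zcat /proc/config.gz` and reports each symbol as builtin, module, off or absent, matching names exactly so that NF_NAT and NF_NAT_FTP are not confused the way a plain `zgrep NAT` listing can be. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the format of `zcat /proc/config.gz`; not a real config.
sample_config() {
cat <<'EOF'
CONFIG_NETFILTER=y
CONFIG_NF_CONNTRACK=m
CONFIG_NF_NAT=m
# CONFIG_NF_NAT_FTP is not set
EOF
}

# kconfig_state SYMBOL: reads config text on stdin and prints one of
#   builtin  (=y)   module  (=m)   off  ("is not set")
#   absent   (no line at all; Kconfig omits symbols whose dependencies
#             are unmet, which is also why menuconfig may show no path)
# Whole-line comparison keeps NF_NAT from matching the NF_NAT_FTP line.
kconfig_state() {
    awk -v sym="CONFIG_${1#CONFIG_}" '
        $0 == (sym "=y")               { s = "builtin" }
        $0 == (sym "=m")               { s = "module" }
        $0 == ("# " sym " is not set") { s = "off" }
        END { print (s == "" ? "absent" : s) }
    '
}

# kconfig_report FILE SYMBOL...: prints one "SYMBOL state" line per symbol.
kconfig_report() {
    cfg=$1; shift
    for sym in "$@"; do
        printf '%s %s\n' "$sym" "$(kconfig_state "$sym" < "$cfg")"
    done
}

# Demo on the constructed sample. On a live system, replace the
# sample_config line with:  zcat /proc/config.gz > "$tmp"
tmp=$(mktemp)
sample_config > "$tmp"
kconfig_report "$tmp" NETFILTER NF_CONNTRACK NF_NAT NF_NAT_FTP NF_NAT_IRC
rm -f "$tmp"
```

A symbol reported as module still has to be loadable at runtime, and one reported as absent usually needs a parent option enabled before it appears in the config.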

Thanks for all the good info folks. Still struggling with this. Really annoying to tell the truth. I may be a dunce but it really shouldn't be this difficult to open a port. I am not even on a hardened version of Gentoo so not sure even why it is closed.

Anyway, I would add one thing. What I meant is that I can't find where NF_NAT_FTP lives in the kernel config.